FriendsOfGalaxy / galaxy-integration-steam

Integration with Steam for Galaxy
372 stars 76 forks source link

Steam Galaxy integration wants username and password #2

Closed shakeyourbunny closed 3 years ago

shakeyourbunny commented 5 years ago

Hi,

please use Steam OpenID for logging in into Steam. If you want username and password, this raises many suspicions and eye brows.

See also https://partner.steamgames.com/doc/features/auth#website https://steamcommunity.com/dev

Some very basic example: https://gist.github.com/burnsba/91d89befbc2f6d3e2a92

Thank you.

FriendsOfGalaxy commented 5 years ago

Unfortunatelly using OpenID and SteamAPI is not an option, as plugin's service hits API limits after just a couple of minutes (think of all Galaxy users using this plugin). Plugin does not get your user name and password. Instead, it asks Galaxy Client to open a login page https://github.com/FriendsOfGalaxy/galaxy-integration-steam/blob/cd08628b7f47429664c98026bbac299c2650dece/src/plugin.py#L147-L151 and gets the cookies back: https://github.com/FriendsOfGalaxy/galaxy-integration-steam/blob/cd08628b7f47429664c98026bbac299c2650dece/src/plugin.py#L158 The login page is opened in an isolated window, which does not interfere with anything inside the Galaxy Client, nor with the plugin itself. There is an ongoing discussion inside the GOG on how to do authentication process more transparent and secure for the user, so this should improve in the future.

FriendsOfGalaxy commented 5 years ago

I'm closing this for now. If you would have any doubts or topics to discuss, feel free to spawn to re-open , or spawn a new issue.

ManlyMeatMan commented 4 years ago

Has there been any thought about having the user supply their own steam api key? I'm not very familiar with the steam api so correct me if i'm wrong, but wouldn't it be more secure if the user had to get their own api key, plus it would get around the api call limits. And if i'm not mistaken, i think the current methodology used is against steam policy (not that it means much, but just an additional element). My main concern is that while the current integration is perfectly fine, it doesn't mean that in the future someone couldn't steal your github password and push a malicious update. Even with mandatory pull request reviews, a second malicious account could get around that too.

nakda commented 4 years ago

@FriendsOfGalaxy I'd also appreciate the switch to official API usage. I'm definitely not confortable with the current process.

A lot of people are raising concerns on Reddit and Steam forums, and I'd rather educate people on how to get an API key and use a system properly than entering credentials on a web-browser that does not indicate what's the current URL/certificate, nor declare that the community integration is usurping their identity through cookie usage.

There is a good chance GOG team is behind all that and could be trusted, but like @ManlyMeatMan said the repository could get compromised at some point.

I'm also surprised GOG Galaxy is not really popping an alert to properly warn the user about community integration risks and entering credentials.

EDIT: Could it be we at least get the choice between API token and the current way?

shakeyourbunny commented 4 years ago

Every Steam user may create for himself/herself an API key, so this is not really a big deal except writing proper instructions.

I don't want to troll, but without using proper steam integration and Steam friends support, GOG Galaxy will never take off, just integrating the games doesn't cut it.

nakda commented 4 years ago

@shakeyourbunny I was forwarding the news about GOG Galaxy 2.0, as well as screenshots of my library and how it's nice with all launchers merged. Until I discovered that I have been fooled in thinking I could trust Galaxy 100%.

I disconnected all integrations, and changed all my passwords. Personally, I'm holding back until proper integration, and warning all my friends.

FriendsOfGalaxy commented 4 years ago

Thanks for proposals! The most important question for such workflow is: can rich presence and chat in the future be implemented using API scope? I'll check possibilities in a spare time

mainrs commented 4 years ago

A more transparent alternative (I do prefer the API however) would be to open the user's default browser instead. This way people see the URL as well as the certificate.

Edit: @FriendsOfGalaxy I am not sure if the ToS allow chat integration. I vaguely remember that a year or two ago I looked into it for a personal project and came to the conclusion that it wasn't actually allowed. I am no lawyer though...

FriendsOfGalaxy commented 4 years ago

@SirWindfield thanks for info.

Opening default browser would be nice but its impossible to get auth cookies back. Galaxy provides such mechanism in its internal chromium.

NamelessVoice commented 4 years ago

If the issue is the API limit, why not just ask Valve for a special API key that has a higher limit?

Software like this is a legitimate reason to need one, and it would be in Valve's interest to grant it.

If there are any security issues because of the way this integration currently handles Steam credentials, Valve would end up with a huge amount of work dealing with the fallout. Just letting this integration have a high-limit key would avoid that whole risk.

shakeyourbunny commented 4 years ago

As already mentionend, just let the user generate an API key and let him enter it in your plugin, then you have more than enough to get the data. If someone has a really huge library on Steam (scraping on the 10.000 games mark), just chunk the requests, wait 5 minutes and continue, to accommodate that.

I myself have some scraping stuff running with steam, and I REALLY don't run into any issues obtaining and processing the needed data.

This should be a non-issue not needing to force the user entering their credentials for steam except you have built everything about cookies and scraping instead of looking up if there is an API for that.

If you don't know, there is https://steamapi.xpaw.me/ where you can look for matching API calls and this should cover your needs. In addition, if you provide the API key, you also get all the needed user information about the user itself, his/hers game data and wishlist etc.

PS: Did you know that GOG stores the steam library information on their servers and on top of it, even after removing the integration and and re-installation of Galaxy 2.0 GOG still has the data of your steam library? This is just another goof-up and maybe another reason why GOG did not do the Steam integration by itself in order not to get sued.

shakeyourbunny commented 4 years ago

Oh, and disable uploading data and sniffing around my steam account, even GOG Galaxy is NOT running.

For reference for other people: Just go to C:\ProgramData\Galaxy\logs and look what Galaxy is so doing even when it's closed. At least this steam integration plugin does once a full user data upload (with online status) after a clean reboot without having GOG Galaxy opened.

2020-02-04 20:53:54,275 - galaxy.api.plugin - INFO - Using local address: 127.0.0.1:53385 2020-02-04 20:53:54,275 - galaxy.api.plugin - INFO - Creating plugin for platform steam, version 0.45 2020-02-04 20:53:54,342 - galaxy.api.jsonrpc - DEBUG - Received 66 bytes of data 2020-02-04 20:53:54,342 - galaxy.api.jsonrpc - INFO - Handling request: id=0, method=get_capabilities, params={} 2020-02-04 20:53:54,342 - root - DEBUG - Sending data: {"jsonrpc": "2.0", "id": "0", "result": {"platform_name": "steam", "features": ["ImportFriends", "UninstallGame", "ImportUserPresence", "ImportGameLibrarySettings", "ImportInstalledGames", "ImportAchievements", "ShutdownPlatformClient", "InstallGame", "ImportOwnedGames", "ImportGameTime", "LaunchGame"], "token": "42f6f33-e8f6-46e5-9381-6cca7cebce28"}} 2020-02-04 20:53:54,447 - galaxy.api.jsonrpc - DEBUG - Received 1005015 bytes of data 2020-02-04 20:53:54,463 - galaxy.api.jsonrpc - INFO - Handling request: id=1, method=initialize_cache, params={'data': ''} 2020-02-04 20:53:54,463 - galaxy.task_manager - DEBUG - Task manager plugin internal: creating task 0 (tick) 2020-02-04 20:53:54,464 - root - DEBUG - Sending data: {"jsonrpc": "2.0", "id": "1", "result": null} 2020-02-04 20:53:54,464 - galaxy.task_manager - DEBUG - Task manager plugin external: creating task 0 (Update owned games) 2020-02-04 20:53:54,464 - galaxy.task_manager - DEBUG - Task manager plugin external: finished task 0 (Update owned games) 2020-02-04 20:53:54,562 - galaxy.api.jsonrpc - DEBUG - Received 54 bytes of data 2020-02-04 20:53:54,562 - galaxy.api.jsonrpc - INFO - Handling request: id=2, method=ping, params={} 2020-02-04 20:53:54,562 - root - DEBUG - Sending data: {"jsonrpc": "2.0", "id": "2", "result": null} 2020-02-04 20:53:54,785 - galaxy.api.jsonrpc - DEBUG - Received 2426 bytes of data 2020-02-04 20:53:54,786 - galaxy.api.jsonrpc - INFO - Handling request: id=3, method=init_authentication, params={'stored_credentials': ''} 2020-02-04 20:53:54,786 - galaxy.task_manager - DEBUG - Task manager jsonrpc server: creating task 0 (init_authentication) 2020-02-04 20:53:54,786 - galaxy.task_manager - DEBUG - Task manager plugin external: creating task 1 (init_authentication) 2020-02-04 20:53:54,786 - galaxy.api.jsonrpc - INFO - Sending notification: method=store_credentials, params={'cookies': ''} 2020-02-04 20:53:54,786 - galaxy.api.jsonrpc - DEBUG - Sending 2530 bytes of data 2020-02-04 20:53:55,602 - galaxy.api.jsonrpc - INFO - Sending notification: method=store_credentials, params={'cookies': ''}

This plugin should not do ANYTHING, when the Galaxy Client is not open, I don't care if the client itself has a service running or not.

FriendsOfGalaxy commented 4 years ago

@shakeyourbunny

Plugin itself does not need to know whether Galaxy is running, it processes and updates user information in a loop ( for example to keep the information about your owned games fresh or presence of your friends ).

Apart from that it responds to the requests that are being sent from Galaxy. The only 2 destinations of information being sent are Steam backends, and Galaxy client.

Please check whether Galaxy client is hidden in the tray or whether any of its processes are still running in the background in this situation as according to the lines of logs you have sent, its alive.

PS: Did you know that GOG stores the steam library information on their servers and on top of it, even after removing the integration and and re-installation of Galaxy 2.0 GOG still has the data of your steam library? This is just another goof-up and maybe another reason why GOG did not do the Steam integration by itself in order not to get sued.

i believe this information is deleted when you disconnect a platform, not when you delete a folder or uninstall galaxy. There is currently an issue where if you reinstall Galaxy without disconnecting a platform it won't show its still connected, if you perform the connect -> disconnect steps again it will disappear.

I myself have some scraping stuff running with steam, and I REALLY don't run into any issues obtaining and processing the needed data.

We do, the scope of requests and features possible in the current implementation, is much bigger than whatever we could get from scrapping the website.

If someone has a really huge library on Steam (scraping on the 10.000 games mark), just chunk the requests, wait 5 minutes and continue, to accommodate that.

We already had this situation and alot of users were unsatisfied with it, waiting 5 minutes or so to finish an operation is unacceptable for us at this point.

boltronics commented 4 years ago

We already had this situation and alot of users were unsatisfied with it, waiting 5 minutes or so to finish an operation is unacceptable for us at this point.

Just a humble end-user here, but waiting 5 minutes for a background sync to complete is acceptable, even if slightly annoying. However supplying a username and password for my Steam account to an unofficial Galaxy add-on is completely unacceptable, IMO. I unfortunately won't be using this in its current state.

I was concerned about this specifically so went out of my way to find this ticket - I would have reported it myself otherwise.

FriendsOfGalaxy commented 4 years ago

@boltronics

thanks for the feedback!

If this thread gets enough traction we will certainly consider adding a "less intrusive" route to logging-in and services used. After all the only goal for us here is to deliver as many features as we can to as many people we can reach.

EustaceCS commented 4 years ago

Just curious. CardIdle (Remastered too) uses same login page - and it's not a problem. Twitch integration uses same login page - and it's not a problem. EGS, Bethesda.net and other major game sellers use same login page for their integrations - and it's not a problem. Numerous raffle sites use same login page - and it's not a problem. Buuuuut, Galaxy plugin uses that login page - and it becomes MAJOR ISSUE.

It doesn't sound right, totally.

With their Steam Guard you either simply can't have your account compromised even after posting your login+pass for every one to try to use (reference for most spectacular edge case) - or can't use Steam properly at all because Steam Guard less accounts are treated like [CENSORED].

mwisnicki commented 4 years ago

Maybe make an optional Chrome extension to hand over cookies from browser? This will also reduce the amount of times you have to login again described in #27.

boltronics commented 4 years ago

@EustaceCS I don't know about those clients, but I think you're misunderstanding the problem. It's one thing to get you to log in with your Steam credentials using the API, and another entirely to actually take your Steam account browser cookie.

Here's an example of linking your Steam account using Fanatical.com. Yes, you have to enter your credentials on the Steam site, and no, I don't have a problem with this: image

@mwisnicki Same applies to your comment. Steam cookies are the problem that should be avoided, and what you propose is actually even worse from a security perspective.

If API key limits are the problem, has anyone actually tried reaching out to Valve and explaining that? I imagine if Valve sees the alternative in use here, they would have some motivation to sort something out.

EustaceCS commented 4 years ago

@boltronics , I'm not buying it. For me, the plugin pops Steam Guard each time I'm trying to re-link my library just fine. Steam Guard watches = secure. And while Friends of Galaxy are watching over plugin's code base, it's unlikely that something would pass through it. Everything else (like pesky viruses sneaking into end user's computer to inject themselves into plugin) may happen with Steam itself as well - extra ball'n'chains you're promoting won't save against such attacks.

Besides, seen my link with reference for most spectacular edge case? Well, hack it with Steam plugin for GOG Galaxy and earn the eternal glory of Man Who Stole Gabe Newell's Steam Account.

boltronics commented 4 years ago

@EustaceCS, unfortunately you seem to be missing the point also. Steam Guard is just 2FA. That's all it is (and yes I use it for Steam and about 35+ other services I have accounts for). Last I checked, you only need it to sign in to Steam; not to (for example) make purchases. Hence, once that sign-in cookie has been downloaded to your computer, it's vital that that cookie is protected.

FWIW, that's why I run apps like my web browsers and Steam in separate sandbox environments, so they can't see local files for anything except their own applications. Even if one of my applications was compromised, it wouldn't affect the other applications.

EustaceCS commented 4 years ago

@boltronics , we're missing each other's points indeed. I lost more accounts to extra security measures than to hackers/scammers/etc. While it's optional - okay, just give me an option to not use it ever. Keep securing yourself, it's okay, I guess, until it involves me and my comfort.

boltronics commented 4 years ago

@EustaceCS There's nothing for you to worry about then, since you don't need to use Steam Guard if you don't want to, and having the plugin switch to using the API has no impact on your decision there.

Strangely, you were the one who (incorrectly) seemed to imply that by using Steam Guard, not using Steam's API through Galaxy was safe. :slightly_smiling_face:

nakda commented 4 years ago

I returned to GOG Galaxy 2.0 today and I'm surprised this has not been addressed yet. What's the blocker? If no replacement is planned, can a branch or fork dedicated to Steam API implementation be an option?

shakeyourbunny commented 4 years ago

Well, it seems these FriendsOfGalaxy people have a very similar approach to feedback like GOG itself: we are open to discussion as long it fits in their own perspective. Valid criticism and proposed solutions are being sit out, ignored and pointed out that "other projects do it the same way". If millions people eat dirt and say it is tasty, this makes dirt objectively still not proper food nor tasty.

There have been many contributors pointed out here why login in an embedded web browser is unsafe and a proper tokenized login instead is the way to go. If I did not make myself clear, I mean the comment of boltronics https://github.com/FriendsOfGalaxy/galaxy-integration-steam/issues/2#issuecomment-619663589

In this case, the Steam integration is one of the selling points for GOG Galaxy. Without it, not many people would even care to try GOG Galaxy out. Alone the fact that this plugin is not directly integrated into the client is one of the things which really bothers me. My guess is that this externalization is some sort of keeping their hands clean if in any case something goes south with it and/or in the future some legal issues may arise from this integration, so GOG can say "this is an external plugin not made by us, we did not make this and we will not be held liable."

For a proper discussion of the pros and cons for OAuth vs Login see also: https://oauth.net/articles/authentication/

SpoonOfDoom commented 4 years ago

@shakeyourbunny I especially like how all those plugins are "external", but the big ones (like Steam) are still proudly featured in the settings window without having to manually add them, heavily suggesting "we approve of these ones" without actually saying it in writing anywhere. I'm not sure if that level of endorsement comes with a legal responsibility.

FriendsOfGalaxy commented 4 years ago

@Nakda @shakeyourbunny @SpoonOfDoom

I am open to merge requests as long as no features are lost. Preferable way to implement this is to create an optional alternate login route.

@shakeyourbunny

Valid criticism and proposed solutions are being sit out, ignored and pointed out that "other projects do it the same way".

i am sorry i am not able to commit more time to this discussion, currently the reports about crashes and other errors take higher priority to me. I've tried already explaining why things are done the way they are and that is available a few comments above.

Also please lets not turn this into a discussion about selling points of Galaxy or things like that because i will close this issue otherwise. Lets keep it at least a bit technical.

nakda commented 4 years ago

@Nakda @shakeyourbunny @SpoonOfDoom

I am open to merge requests as long as no features are lost. Preferable way to implement this is to create an optional alternate login route.

I am not really familiar with python, but experienced with C# so I'll see what I can do. How would a user chose between available login routes? Where to enter his own API key? Should I start a thread somewhere to make sure we develop something that suits your expectations?

FriendsOfGalaxy commented 4 years ago

@Nakda
Right now when you try to log in to steam a custom html login window is popped up. Imho best solution would be to add a small button with 'api key login' which would then open up next page with a field to enter the api key.

The html and css files can be found here https://github.com/FriendsOfGalaxy/galaxy-integration-steam/tree/master/src/custom_login

There is a single index.html file which changes its layout depending on the parameters passed to it, i think it would work best that after clicking the alternate login button it would simply give an alternate route parameter to the page, something like ?view=loginAlt.

I think that adding the new login screen would be the easiest part here, the main thing is to prepare a new authentication method and all the functionalities for the methods since they won't be able to use protobuff connection that current one does.

For this purpose i think that parts of backend.py file can be utilized and most changes should be made in it, authentication.py and plugin.py for the logic switches.

nakda commented 4 years ago

@FriendsOfGalaxy Thank you very much for the heads up and leading me to the relevant part of the projects. I got a three-days weekend upcoming so I'll probably start investigating then.

Will keep you updated.

nakda commented 4 years ago

@FriendsOfGalaxy @shakeyourbunny I quickly started investigating. Here's my understanding of how the alternative login process should work:

  1. GOG Galaxy 2 user initiates a connection through the integration module
  2. He is presented the current login form, but a new button allows him to use OpenID instead
  3. User is sent through Steam OpenID authentication process
  4. When authentication succeed, he falls back to the steam-integration view where he needs to enter his Steam Web API Key
  5. With user's identity verified by OpenID and Steam Web API Key fetched, GOG Galaxy 2 can probably use GetPublisherAppOwnership to build a list of owned applications

Few questions:

  1. Is my understanding of the process correct?
  2. Steam is recommending usage of open source OpenID libraries: would that work within GOG Galaxy 2? Any preference?
  3. The GetPublisherAppOwnership call comes with the following note: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients! Would that work?
FriendsOfGalaxy commented 4 years ago

@Nakda

Hey, to answer your questions.

1) Points 1-4 seem correct.

as to point 5: What Galaxy does is ask the plugin for things, for example for "owned_games" for a given platform. To that plugin responds, with a list of owned games, list of users friends etc. So GOG Galaxy 2 can probably use GetPublisherAppOwnership to build a list of owned applications won't happen, all of that has to be done by the plugin and as a part of the proposed mr (otherwise this new plugin version would be pointless)

2) Sure, no problem, if its a popular python library that allows its usage in its license agreement then why not.

3) We have nowhere to hide such key except plugin code (which is open source so its not hiding anything). That's one of the hard things to solve here, i imagine that if this key is left public something malicious could be done with it by a 3rd party.

A solution would be to as suggested host this key on a secure server which would then serve the responses to the plugin.

nakda commented 4 years ago

@FriendsOfGalaxy Do you think GOG Galaxy devs could provide an API so that the client would handle sensitive data storage itself?

Providing a secure storage solution through client-handled encryption could be a solution. It could be encrypted differently for each user on the local computer. That way, the client won't be able to give access to sensitive data to the wrong user.

FriendsOfGalaxy commented 4 years ago

@Nakda Galaxy offers a storage to the plugins but its not secured in any way. ( persistent_cache and push_cache() method in plugin api )

If you want to consider local encryption and decryption of files then honestly everything that Galaxy can do could be done through python (It can have injected C code too) so the answer would probably be something along "do it yourself". Holding any encryption consts in C/C++ code is an obfuscation not security so not much difference there.

Afaik the only way to ensure the proper apikey security here would be to not expose it at all and keep it on a machine that communicates in a restricted way (a server which would only respond with the results of calls to steam backends).

I might be wrong in some cases here and if u think that the client could provide a secure layer which plugins can't then best bet is to create an issue here https://github.com/gogcom/galaxy-integrations-python-api/issues so someone from Galaxy can take a look at it.

nakda commented 4 years ago

@FriendsOfGalaxy I got few observations to share after investigating on this:

I'm trying to find an elegant way to switch back and forth between the current login form and the new one. After that, I'll try requesting SteamID + API Key for primary tests, then identifying an OpenID library to embed instead.

mmlac commented 4 years ago

Regarding browser authentication: OIDC's Authentication Flow should allow you to use the user's browser. This is the correct way to implement it. If your plugin is allowed to open a port, problem solved. If it's not, Galaxy should provide a credentials callback port (localhost:\<port>) that you can request and get the token back.

Secure storage is Galaxy's job, most likely an encrypted file / file-based DB would be the way to go. It's not a very large barrier to breach, but better than plaintext.

mwisnicki commented 4 years ago

I think on Windows you can easily register custom URI protocol handler and get callback to that.

mmlac commented 4 years ago

You don't need a protocol handler, a simple port + http library works for most callbacks. Don't know if Steam allows it.

Luckz commented 4 years ago
  • Steam API call IPlayerService.GetOwnedGames can return the full list of owned games in a single call

That command returns some list of games, but certainly not a universally applicable full list. For me it's missing ~30% of my games compared to what Steam shows in Library -> ALL -> GAMES.

FriendsOfGalaxy commented 3 years ago

Hello there,

since the issue is stale for a while, maybe the first step to push this most upvoted idea about using user owned API key:

EDIT: Could it be we at least get the choice between API token and the current way?

would be to create alternative steam plugin? It cannot be ideal on start and there are still some doubts like in comment above, but that's better than nothing. I won't have time to maintain both solutions right now, but if it become mature enough we can discuss how to (and whether) integrate both ideas in one plugin.

What do you think? Anybody wants to try?

DragRedSim commented 3 years ago

I've been doing some hacking away at the Steam plugin to attempt to move the connection flow away from the custom login script and towards using the Steam OpenID implementation. However, to do this properly will require a major rework of the plugin, in order to keep all features. The reason for this is that the current Steam plugin uses a websocket-based approach to connect to the Steam network and pass its calls, emulating the behaviour of the actual Steam client. To do so, it requires access to the username and password of the account, effectively pretending to be the user's actual Steam client. Moving to an OpenID-based login approach does not provide this; it only allows us to see the SteamID of the user account, and any data based on that information. With an API key provided by the user, this is enough to access all the current data used by the plugin. However, that is the part that requires a major rewrite of the whole plugin to access data through Web APIs, rather than the client-emulation method. It would be possible to produce an OpenID request URL that redirects the user to an instruction page to get the API key, and store it as a cookie to then save as part of the stored_parameters.

FriendsOfGalaxy commented 3 years ago

Hello,

we're proud to announce that the issue is solved on plugin release 1.0.0 🎉 !

Plugin supports now different backends as a sources of data importation. Type of used backend is configurable. See https://github.com/FriendsOfGalaxy/galaxy-integration-steam/blob/master/README.md#configuration-of-the-backend-operation-mode for more details

public_profiles backend was added - it requires to have steamcommunity profile set to public, BUT does not require providing user credentials.

The change was prepared with modularity in mind so it shouldn't be very problematic to add more backends for example the one that uses Steam OpenID which was proposed in this thread. I don't plan to implement OpenID solution myself, but we're open to PRs. And there is no longer a requirement for new backend to have a full set of features.

If @Nakda @shakeyourbunny @DragRedSim or anybody is still interested in contribution to add a new backend, take a look with some hints:

I'm closing the task, but if you want to share some ideas feel free to post here. For new implementation details, lets move the discussion for appropriate PR once created. You can create WIP PR as well for quicker feedback.

nakda commented 3 years ago

@FriendsOfGalaxy Very glad to hear about this. Thanks for lettings us know!

I tried to add the plugin from Galaxy through the Connect button, but it asked for my credentials through the login window. So I went to edit the steam_plugin_config.ini to set initial = public_profiles and fallback = none, but now when I hit Connect I got a "Plugin has crashed. Retry" error message.

I guess it's because the plugin is not properly initialized and doesn't know which steam public profile he should look for? Is there any way to feed the plugin with a steamid somewhere? Or is it an unexpected error?

EDIT: My bad, I forgot to add the section header [BackendMode] EDIT 2: Working nicely! Great 👍

boltronics commented 3 years ago

Works for me too. Thanks!